Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-06-20 03:54:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

Enforce validity period on server_keys for fed requests. (#5321)

Browse source 
When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.

We do not yet enforce the validity period for event signatures.
This commit is contained in:
Richard van der Hoff 2019-06-03 22:59:51 +01:00 committed by GitHub
parent fe2294ec8d
commit fec2dcb1a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 228 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

5
synapse/groups/attestations.py
View file

@ -97,10 +97,11 @@ class GroupAttestationSigning(object):
# TODO: We also want to check that *new* attestations that people give
# us to store are valid for at least a little while.
if valid_until_ms < self.clock.time_msec():
now = self.clock.time_msec()
if valid_until_ms < now:
raise SynapseError(400, "Attestation expired")
yield self.keyring.verify_json_for_server(server_name, attestation)
yield self.keyring.verify_json_for_server(server_name, attestation, now)
def create_attestation(self, group_id, user_id):
"""Create an attestation for the group_id and user_id with default